ISSN No: 2348-4845 International Journal & Magazine of Engineering, Technology, Management and Research A Peer Reviewed Open Access International Journal

Privacy Preserving in Two Authenticated Servers by Exchange

Mr.P.Anji Babu, M.Tech G.Tabitha J.bhaskar J.Soumya Asst prof, B.Tech Student, B.Tech Student, B.Tech Student, Department of CSE, Department of CSE, Department of CSE, Department of CSE, TKR College of Engineering TKR College of Engineering TKR College of Engineering TKR College of Engineering & Technology. & Technology. & Technology. & Technology.

Abstract: Introduction:

Key exchange (also known as “key establishment”) is If sender and receiver wish to exchange encrypted mes- any method in by which cryptographic sages, each must be equipped to encrypt messages to keys are exchanged between users, allowing use of a be sent and decrypt messages received. The nature of cryptographic algorithm.Diffie–Hellman the equipping they require depends on the (D–H) is a specific method of securely exchanging technique they might use. If they use a code, both will cryptographic keys over a public channel and was one require a copy of the same codebook. If they use a ci- of the first public-key protocols as originally conceptu- pher, they will need appropriate keys. If the cipher is alized by Ralph Merkle. D–H is one of the earliest prac- a symmetric key cipher, both will need a copy of the tical examples of public key exchange implemented same key. If an asymmetric key cipher with the public/ within the field of cryptography. The Diffie–Hellman private key property, both will need the other’s public key exchange method allows two parties that have key. no prior knowledge of each other to jointly establish a key over an insecure channel. The key exchange problem:

This key can then be used to encrypt subsequent com- The key exchange problem is how to exchange what- munications using a symmetric key cipher.- Due to ad- ever keys or other information are needed so that no vances in technology and communication, it requires one else can obtain a copy. Historically, this required more effort to ensure security. It is essential that every- trusted couriers, diplomatic bags, or some other se- organization has the right level of security. Authentica- cure channel. With the advent of public key / private tion in security had emerged to be an essential factor key cipher algorithms, the encrypting key (aka public in the keyestablishment over internet. The DIKE (Deni- key) could be made public, since (at least for high qual- able ) protocols add novelty and ity algorithms) no one without the decrypting key (aka, new value to the IKEstandard. In recent communication the private key) could decrypt the message. systems, as there is more and more use of internet, the security services have becomeessential. Key-exchange Identification: in Diffie–Hellman key-exchange (DHKE) is among the core cryptographic mechanisms to ensurenetwork se- In principle, the only remaining problem was to be sure curity. (or at least confident) that a public key actually be- longed to its supposed owner. Because it is possible to Keywords: ‘spoof’ another’s identity in any of several ways, this is not a trivial or easily solved problem, particularly when Key exchange, Authentication, Cryptography, Dike, the two users involved have never met and know noth- IKE ing about each other.

Volume No: 2 (2015), Issue No: 4 (April) April 2015 www.ijmetmr.com Page 210 ISSN No: 2348-4845 International Journal & Magazine of Engineering, Technology, Management and Research A Peer Reviewed Open Access International Journal

Diffie–Hellman key exchange: authorities. VeriSign is the most prominent commercial firm.This does nothing to solve the problem though, as In 1976, Whitfield Diffie and Martin Hellman published the trustworthiness of the CA itself is still not guaran- a called the Diffie–Hellman key teed from an individual’s standpoint. It is a form of ar- exchange (D–H) based on concepts developed by Hell- gument from authority fallacy. For actual trustworthi- man’s PhD student Ralph Merkle. The protocol enables ness, personal verification that the certificate belongs users to securely exchange secret keys even if an op- to the CA and establishment of trust in the CA are re- ponent is monitoring that communication channel. The quired. This is usually not possible. D–H key exchange protocol, however, does not by it- self address authentication (i.e. the problem of being For those new to such things, these arrangements are sure of the actual identity of the person or ‘entity’ at best thought of as electronic notary endorsements the other end of the communication channel). Authen- that “this public key belongs to this user”. As with no- tication is crucial when an opponent can both monitor tary endorsements, there can be mistakes or misunder- and alter messages within the communication channel standings in such vouchings. Additionally, the notary (aka man-in-the-middle or MITM attacks) and was ad- itself can be untrusted. There have been several high dressed in the fourth section of the 1976 paper. profile public failures by assorted certificate -authori ties.

Web of trust:

At the other end of the conceptual range is the system, which avoids central Certificate Authori- ties entirely. Each user is responsible for getting any certificate from another before using that certificate to communicate with, vet digital signatures from, ... the user claimed to be associated with the particular public key in a certificate. PGP (and GPG, an implementation of the OpenPGP Internet Standard) employ just such a web of trust mechanism. Together they are the most widely used high quality crypto system in the world. [citation needed]

Password-authenticated key agreement:

Password-authenticated key agreement algorithms Public key infrastructure: can perform a cryptographic key exchange utilizing knowledge of a user’s password. Public key infrastructures (PKIs) have been proposed as a way around this problem of identity authentica- Quantum key exchange: tion. In their most usual implementation, each user ap- plies to a ‘certificate authority’ for a digital certificate The BB84 key exchange protocol—like any quantum which serves for other users as a non-tamperable au- key exchange protocol—exploits certain properties thentication of identity, at the risk of compromising quantum physics to ensure its security. Since quantum every user in case the CA itself is compromised. Several mechanics ensures physical traces as a result of mere countries and other jurisdictions have passed legisla- observation, it provides protection against man-in- tion or issued regulations encouraging PKIs by giving the-middle attacks that cannot, as a matter of physical (more or less) legal effect to these digital certificates. principle, be circumvented. Several commercial firms, and a few government de- partments, have established such certificate

Volume No: 2 (2015), Issue No: 4 (April) April 2015 www.ijmetmr.com Page 211 ISSN No: 2348-4845 International Journal & Magazine of Engineering, Technology, Management and Research A Peer Reviewed Open Access International Journal

The Internet Key Exchange (IKE) is an IPsec (In- 2. Secure key exchange security(SK-security) ternet Protocol Security) standard protocol used to ensure security for virtual private network (VPN) nego- 3. Concurrent Non- Malleable statistical Zero-Knowl- tiation and remote host or network access. Specified in edge (CNMSZK) for DHKE IETF Request for Comments (RFC) 2409, IKE defines an automatic means of negotiation and authentication for 4. Concurrent knowledge of Exponent Assumption. IPsec security associations (SA). Security associations These various methods are get compared with each are security policies defined for communication- be other. tween two or more entities; the relationship between the entities is represented by a key. The IKE protocol a) SK-security vs. CNMSZK for DHKE: ensures security for SA communication without the preconfiguration that would otherwise be required. According to Sk-security if the session is uncorrupted then the session key is unknown to anyone expect this A hybrid protocol, IKE implements two earlier security peer and if theunexposed peer completes a matching protocols, Oakley and SKEME, within an ISAKMP (In- session then the two parties have the same shared key. ternet Security Association and Key Management Pro- Now according to CNMSZK if the possibly malicious tocol) TCP/IP-based framework. ISAKMP specifies the peer completes a matching session then not only the framework for key exchange and authentication; the two parties havethe same shared key but also the peer Oakley protocol specifies a sequence of key exchanges does know both the DH-exponent and the secret key and describes their services (such as identity protection corresponding to the DH-componentand public key and authentication); and SKEME specifies the actual send alleged by it in the test-session. method of key exchange. Although IKE is not required for IPsec configuration, it offers a number of benefits, b) CNMSZK for DHKE vs. traditional CNMSZK including: automatic negotiation and authentication; based approaches: anti-replay services (see anti-replay protocol); certifica- tion authority (CA) support; and the ability to change CNMSZK formulation for DHKE is based on the tradi- encryption keys during an IPsec session. tional CNMSZK formulation but some essential differ- ences. On onehand traditional CNMSZK formulation LITERATURE REVIEW: considers a pair of players of fixed role, specifically one prover and one verifier. Onother hand , privacy preserv- Various authors describe various features in their tech- ing CNMSZK proposes additional privacy requirements niques which they are used for the Internet key ex- for the session messages of DHKE beingexchanged change ,all havetheir smart opinions and illustration for concurrently over internet. the key exchange mechanism. Suyeon Park and Hee-Joo Park(IJSIA Vol.8, No.4 (2014), Andrew Chi-Chao Yao and yunlei Zao(IEEE VOL. 9, NO. pp.307-320 ISSN: 1738-9976 ) In this paper the disad- 1, JANUARY 2014 ) The Basic of this paper is to pro- vantagesobserved in Yang,et al in 3PAKA protocols are videsecrecy and confidentiality to the sender as well get overcomes, especially in financial secure advan- as receiver. for that they use DHKE(Diffie hellman key tages, they have been verywidely deployed. This paper exchange).With thehelp of DHKE they develop a fam- has been reviewed Yang, et al., provably secure 3PAKA ily of privacy preserving authenticated DHKE protocols protocol. By using smart cards theyshown that the pro- named deniable Internet keyexchange. They provide tocol is weak against offline password guessing attack useful privacy protection to both protocol participants. with lost smartcard and does not provideauthentica- The security of DIKE is analysed in accordance with the tion in the password updating phase. Furthermore, it various methods, some methods are as follows: is possible to be tracked by attacker. BY analysing that Yang, etal., 3PAKA protocol does not provide user ano- 1. Canetti-Krawczyk framework (CK-framework) with nymity. In order to solve the weaknesses in Yang, et al., post specified peers in the random oracle(RO)model. 3PAKA protocol, thispaper proposed a privacy preserv- ing 3PAKA (P_3PAKA) protocol using smart cards.

Volume No: 2 (2015), Issue No: 4 (April) April 2015 www.ijmetmr.com Page 212 ISSN No: 2348-4845 International Journal & Magazine of Engineering, Technology, Management and Research A Peer Reviewed Open Access International Journal

P_3PAKAprotocol provides useranonymity and un- In order to define the security of this framework, they traceability by using dynamic identifier depending on use the UC framework and an appropriate definition for each session’s nonce. P_3PAKA protocol is moresecure languagesthat permits to dissociate the public part of while maintaining efficiency than the other previous the policy, the private important information the users protocols. In this paper total 12 criteria is given, those want to check and the secretvalues each user owns that criteria has some required features, if those features is assess the membership to the languages. They provide get satisfied by the method then the comparison can an ideal functionality for LAKE and giveefficient realiza- be done that which is the mostsecure method for the tions of the new primitive secure under classical mild user Yang, et al., 3PAKA protocol is consist with four assumptions, in the standard model with a common- phases, Basically four phases are given. reference string, with static corruptions. They signifi- cantly improve the efficiency of several CAKE protocol 1) Registration Phase for specificlanguages and enlarge the set of languages for which they construct practical schemes. Notably, 2) Login Phase they obtain a very practicalrealization of Secret Hand- shakes and a Verifier-based Password-Authenticated 3) Password updating Phase Key Exchange.

4) Key agreement Phase Existing system:

And these phases are also taken in P_3PAKA protocol Key-exchange, in particular Diffie–Hellman there are two purpose of this paper: one is to show se- keyexchange(DHKE), is among the core cryptographic curityweaknesses in Yang, et al., protocol and the other mechanismsfor ensuring network security. For key-ex- is to propose a new 3PAKA protocol to solve the prob- change over theInternet, both security and privacy are lems in Yang, et al.,3PAKA protocol. Firstly, this paper desired. review a security weakness against password guessing attack with lost smart card and lackof good properties PROPOSED WORK/METHODOLOGY: for ubiquitous environment in Yang, et al., protocol. Then, this paper proposes a new privacy preserving3A- In this section we will see how to protect the key from KA (P_3PAKA) protocol using smart cards to solve the the intruder and how to ensure privacy for both proto- security problems in Yang, et al., protocol. It provides col participants. The privacy preserving method is used useranonymity and un-traceability by adopting dynam- for the security providing mechanism. In the Internet ic identifier depending on each session’s nonce. there is one storage media for store the data and that storage is used to store all the search word. Whatever (Fabrice Ben Hamouda Olivier Blazy, Celine Chevalier, data user want to send, that data get encrypted and David Point cheval and Damien Vergnaud)In this pa- the storage media also used by the user, and if the user per theypropose a new primitive that encompasses cannot be able to send data with the encryption tech- most of the previous notions of authenticated key ex- nique then the process will get stop. change. It is closely related toCAKE and the authors call it LAKE, for Language-Authenticated Key-Exchange, The data will be send to the end user by using key and since parties establish a common key if andonly if they encryption technique, and the end user will be access hold credentials that belong to specific languages. The that data by decryption technique and the key. Basi- definition of the primitive is more practice-oriented cally there is one database is already created, because than thedefinition of CAKE from, but the two notions the key which is sent by the sender will be stored in the are very transparent. In particular, the new primitive database. sender and receiver both have their email ID, enables privacy-preservingauthentication and key ex- and sender knows the e-mail id of receiver and receiver change protocols by allowing two members of the same knows the sender. So that they will the authenticate group to secretly and privately authenticate toeach and true user of the key and the message. The log in other without revealing this group beforehand. and password are also plays most important role in this process.

Volume No: 2 (2015), Issue No: 4 (April) April 2015 www.ijmetmr.com Page 213 ISSN No: 2348-4845 International Journal & Magazine of Engineering, Technology, Management and Research A Peer Reviewed Open Access International Journal

Without the registration the key will not accessed by References: the receiver as well as sender. For accessing the mes- sage or any document or any type of data ,the key which 1. Andrew Chi-Chih Yao and Yunlei Zhao“Privacy-Pre- is sent by sender have to match with the key which is serving Authenticated Key-Exchange Over Internet” stored in the database, if the key will not match then IEEE TRANSACTIONS ON INFORMATIONFORENSICS receiver get message “Wrong matching data”. And AND SECURITY, VOL. 9, NO. 1, JANUARY 2014. if the key will match then search document from en- crypted key and Getting Most Encrypted. 2. Miss. Pooja P. Taral Prof. Vijay B. Gadicha, “Secure Key Exchange over Internet” International Journal of Data Flow Diagram: Computer Science and Mobile Computing,Vol.3 Issue.3, March- 2014, pg. 545-548 ISSN 2320–088X.

3. Suyeon Park and Hee-Joo Park, “Privacy Preserving Three-party Authenticated Key Agreement Protocol using Smart Cards” IJSIA Vol.8, No.4 (2014),pp.307-320

4. Andrew C. Yao Frances F. Yao Yunlei Zhao Bin Zhu, “Deniable Internet Key Exchange” Institute for Theo- retical Computer Science, TsinghuaUniversity, Beijing, China., Vol.10, 3 March 2013.

5. Fabrice Ben Hamouda Olivier Blaze C_eline Chevalier David Pointcheval and Damien Vergnaud “Efficient UC- Secure Authenticated Key-Exchange forAlgebraic Lan- guages” 16th International Conference on Practice and Theory in Public-Key Cryptography (PKC ‘13) 1 March 2013, Nara, Japan) KaoruKurosawa Ed., Springer-Ver- lag, 2013.

6. A. P. Sarr and P. E. Vincent, “A complementary analy- sis of the (s)YZ and DIKE Protocols,” in Proc. Africacrypt 2012, pp. 203–220.

7. Ayman Mousa Elsayed Nigm Sayed El-Rabaie Osama Faragallas,” Query Processing Performance on En- crypted Databases by Using the REAAlgorithm” IJNS Vol.14, No.5, PP.280-288, Sept. 2012 CONCLUSION: The problem of key exchange has not yet been solved. 8. Dexin Yang Bo Yang,” A Novel Multi-factor Authenti- In particular, it has not yet been solved for the modern cated Key Exchange Scheme With Privacy Preserving”, situation of two previously unknown users attempting Journal of Internet Services andInformation Security, to communicate electronically, as, for instance, in elec- volume: 1,2011 number: 2/3, pp. 44-56. tronic commerce. Some of the existing work-around 9. A. C. Yao and Y. Zhao, “Deniable Internet key- designs work, more or less, but are not fully satisfac- exchange,” IACR (The International Association for tory.In this paper we have pointed out various tech- Cryptologic Research), San Diego, CA, USA, Tech.Rep. niques used for key exchange by authenticate way. 2011/035, Jan. 2011. such as DHKE, DIKE,P_3PAKA protocol, CAKE, LAKE, Biometric way. All these techniques are used to ensure 10. J. Camenisch, N. Casati, T. Gross, and V. Shoup, confidentiality and privacy for keyand both protocol “Credential authenticated identification and key ex- participant. change,” in Proc. CRYPTO 2010, pp. 255–276.

Volume No: 2 (2015), Issue No: 4 (April) April 2015 www.ijmetmr.com Page 214 ISSN No: 2348-4845 International Journal & Magazine of Engineering, Technology, Management and Research A Peer Reviewed Open Access International Journal

11. C. J. F. Cremers, “Formally and practically relating 13. Boyd C., Mao, W., Paterson, K.G., “Deniable Authen- the CK, CK-HMQV, and eCK security models for authen- ticated Key Establishment for Internet Protocols, 11th ticated key exchange,” IACR (TheInternational Asso- International Workshop on SecurityProtocols”, LNCS, ciation for Cryptologic Research), San Diego, CA, USA, vol. 3364, pp. 255-271 (2003). Tech. Rep. 2009/253, 2009. 14. M.S. Borella, “Methods and protocols for secure key 12. L. Harn, W.-J. Hsin and M. Mehta, “Authenticated negotiation using IKE,” IEEE Network, (2000), 18-29. Diffie–Hellman key agreement protocol using a single cryptographic asumption”, IEEE Proc.- Commun., Vol. 152, No. 4, August 2005.

Volume No: 2 (2015), Issue No: 4 (April) April 2015 www.ijmetmr.com Page 215